•
They filter traffic going into and coming out of the tunnels so that it is within the
specified range. If the configuration requires that only one IPSec tunnel exists between
two endpoints and no traffic filtering is required, you can omit the
tunnel local-identity
and
tunnel peer-identity
commands.
Example 1
In Figure 15 on page 153 customer A is using Frame Relay to connect its corporate offices
in three cities: Boston, Ottawa, and Boca.
Figure 15: Customer A's Corporate Frame Relay Network
Customer A hires ISP-X to provide a leased line replacement over an IP infrastructure
using IPSec. ISP-X can offer a replacement for long-haul Frame Relay links by creating
IPSec tunnels to carry customer A's traffic securely between the sites over the public or
ISP-provided IP network. This alternative costs only a fraction of the price of the Frame
Relay links. Figure 16 on page 153 shows the connectivity scheme.
Figure 16: ISP-X Uses ERX Routers to Connect Corporate Offices over the
Internet
To configure the connections as shown in Figure 16 on page 153:
1.
On each ERX router, create a protection suite that provides 3DES encryption with
SHA-1 authentication on every packet.
erx1(config)#
ipsec transform-set customerAprotection esp-3des-hmac-sha
erx2(config)#
ipsec transform-set customerAprotection esp-3des-hmac-sha
erx3(config)#
ipsec transform-set customerAprotection esp-3des-hmac-sha
153
Copyright © 2010, Juniper Networks, Inc.
Chapter 5: Configuring IPSec
Summary of Contents for JUNOSE 11.2.X IP SERVICES
Page 6: ...Copyright 2010 Juniper Networks Inc vi...
Page 8: ...Copyright 2010 Juniper Networks Inc viii JunosE 11 2 x IP Services Configuration Guide...
Page 18: ...Copyright 2010 Juniper Networks Inc xviii JunosE 11 2 x IP Services Configuration Guide...
Page 22: ...Copyright 2010 Juniper Networks Inc xxii JunosE 11 2 x IP Services Configuration Guide...
Page 28: ...Copyright 2010 Juniper Networks Inc 2 JunosE 11 2 x IP Services Configuration Guide...
Page 116: ...Copyright 2010 Juniper Networks Inc 90 JunosE 11 2 x IP Services Configuration Guide...
Page 144: ...Copyright 2010 Juniper Networks Inc 118 JunosE 11 2 x IP Services Configuration Guide...
Page 230: ...Copyright 2010 Juniper Networks Inc 204 JunosE 11 2 x IP Services Configuration Guide...
Page 262: ...Copyright 2010 Juniper Networks Inc 236 JunosE 11 2 x IP Services Configuration Guide...
Page 294: ...Copyright 2010 Juniper Networks Inc 268 JunosE 11 2 x IP Services Configuration Guide...
Page 328: ...Copyright 2010 Juniper Networks Inc 302 JunosE 11 2 x IP Services Configuration Guide...
Page 345: ...PART 2 Index Index on page 321 319 Copyright 2010 Juniper Networks Inc...
Page 346: ...Copyright 2010 Juniper Networks Inc 320 JunosE 11 2 x IP Services Configuration Guide...
Page 356: ...Copyright 2010 Juniper Networks Inc 330 JunosE 11 2 x IP Services Configuration Guide...